As of today, lsh-1.4.1 is available. The only difference from the lsh-1.4 of yesterday is the --enable-initgroups-workaround option for ./configure.
Available at http://www.lysator.liu.se/~nisse/archive/lsh-1.4.1.tar.gz ftp://ftp.lysator.liu.se/pub/security/lsh/lsh-1.4.1.tar.gz I'm including the ANNOUNCE file below. /Niels I'd like to announce a new version of LSH, the GNU implementation of the secure shell protocols. LSH includes a client, a server, and a few scripts and utility programs. The LSH-1.4 release, and any following LSH-1.4.x updates, are intended to be stable. New features will be added to LSH-1.5.x. FEATURES The most notable new features in LSH-1.4 are o Random numbers are generated using the Yarrow pseudorandomness generator, which improves security in particular on systems without /dev/random. A new program lsh-make-seed is provided for initializing the generator. o Both lsh and lshd now expire session keys and performs key-reexchange regularly. o AES is now the default cipher. Faster assembler versions are included for x86 and sparc. o Client and server support for subsystems. o lsh supports X11 forwarding; lshd support is not yet implemented. o Implemented handshake timeout. o lshd handles SIGHUP by closing its listening socket, and then waiting for existing connections to be closed before exiting. This makes it easier to restart lshd in a friendly way. o Proper utmp logging. o Improved handling of process suspend, and other process related things. Some of the older (LSH-1.0 and LSH-1.2) features are o Strong encryption and data authentication. o Strong host authentication using public key techniques, DSA and RSA keys. o User authentication by either ordinary UN*X passwords or public key techniques. o Spawning of remote shells and commands, including pseudo tty support. o A "gateway" interface, which lets you create a single SSH connection to a remote host, and reuse that connection for later commands. Ideal for applications like remote CVS. o Forwarding of TCP connections, in both directions. o Zlib compression. o Limited Kerberos support, comparable to that available for the original sshd. o Experimental support for Secure Remote Password (SRP) authentication. o Experimental support for IPv6. o A manual. COMPATIBILITY AND PORTABILITY LSH implements the secsh protocol as defined by the latest drafts from the IETF secsh working group. It interoperates with both SSH Inc's SSH2 products and OpenSSH. Note that LSH is *not* compatible with SSH1, although the lshd deamon can fall back to an SSH1 implementation (e.g. OpenSSH or SSH Inc's) when an ssh1 client connects. LSH is reported to have worked at least once on GNU/Linux on Sparc, Intel, PPC and Alpha, FreeBSD, Solaris and IRIX. There may well be portability problems left, please report them to me. QUALITY LSH is provided AS IS, ABSOLUTELY no GUARANTEES, etc. Please report any bugs you find. COPYRIGHT LSH is distributed under the terms and conditions of the GNU General Public License. Unlike some other secsh implementations, you can use LSH freely for any purpose. AVAILABILITY AND FURTHER INFORMATION The main LSH archive is located at ftp://ftp.lysator.liu.se/pub/security/lsh Discussions about LSH takes place on the psst mailing list. See the psst home page, http://www.net.lut.ac.uk/psst, for details. Happy hacking, /Niels M�ller, <[EMAIL PROTECTED]>
